Re: [DNSOP] Status of "let localhost be localhost"?

"Paul Hoffman" <paul.hoffman@vpnc.org> Sun, 13 August 2017 20:51 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/OOeuWBSKr1WOwdOtkAUzETG4lOs>

On 13 Aug 2017, at 10:19, Tony Finch wrote:

>> On 12 Aug 2017, at 22:35, Ted Lemon <mellon@fugue.com> wrote:
>>
>> That is, the title of the document should be "DNS servers should 
>> return NXDOMAIN for localhost" and the abstract should say why, and 
>> then the bit about stub resolvers translating "localhost" to a 
>> reachable identifier for the localhost such as 127.1 or ::1 should be 
>> the thing that's mentioned as an aside.
>
> RFC 6761 requires recursive servers to return positive 127.0.0.1 and 
> ::1 responses, not NXDOMAIN. I can't see an explanation in the draft 
> for the change to NXDOMAIN.

And there should be. Proposed addition to the last paragraph of Section 
1:

A consequence of the requirement that the resolver APIs MUST resolve 
"localhost." and any names falling within ".localhost." to loopback 
addresses is that caching DNS servers and authoritative DNS servers MUST 
NOT resolve those names at all, and always return NXDOMAIN.

--Paul Hoffman
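
The role split in the proposed paragraph, sketched in Python as an added example that is not part of the original message or of any draft: resolver APIs answer localhost names with loopback addresses, while caching and authoritative servers return NXDOMAIN. The role labels ("api", "caching", "authoritative"), the function names and the result strings are assumptions made for illustration.

```python
import ipaddress

# Loopback addresses named in the thread (127.0.0.1 and ::1).
LOOPBACK = (ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1"))


def is_localhost_name(name: str) -> bool:
    """True for "localhost." and any name falling within ".localhost."."""
    if name.endswith("."):
        name = name[:-1]              # drop the root dot of an absolute name
    labels = name.lower().split(".")  # DNS names compare case-insensitively
    if "" in labels:                  # empty label: malformed name
        return False
    # Match on the final label so "notlocalhost" and
    # "localhost.example.com" are not treated as special.
    return labels[-1] == "localhost"


def expected_answer(name: str, role: str):
    """Return (rcode, addresses) under the proposed text, or None when the
    name is not special and normal resolution applies.
    role (hypothetical labels): "api", "caching" or "authoritative"."""
    if role not in ("api", "caching", "authoritative"):
        raise ValueError(f"unknown role: {role}")
    if not is_localhost_name(name):
        return None
    if role == "api":
        return ("NOERROR", LOOPBACK)  # resolver API: loopback addresses
    return ("NXDOMAIN", ())           # servers: do not resolve the name


def audit_server_response(name: str, rcode: str, addresses=()) -> str:
    """Classify what a caching or authoritative server returned."""
    if not is_localhost_name(name):
        return "not-special"
    if rcode == "NXDOMAIN" and not addresses:
        return "matches-proposal"
    addrs = [ipaddress.ip_address(a) for a in addresses]
    if addrs and all(a.is_loopback for a in addrs):
        # Positive loopback answer, the RFC 6761 behaviour cited in the thread.
        return "loopback-from-server"
    return "unexpected"  # e.g. a non-loopback address for a localhost name
```

The "unexpected" result is the one worth alerting on: a server handing out a non-loopback address for a name that applications assume is local.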